Robots can make us safer
I’m often critical of robots (slang for machine algorithms), but I wanted to take a beat to call out an activity they can be put to work on that makes us all safer. Unlike Bender from Futurama, some robots are actually productive members of society doing things that people can’t.
Robots can look at everything
One attribute of machine algorithms that can be both good and bad is that, given enough access and computing capacity, an algorithm can look at everything. In the case of facial recognition and broad surveillance applications, this is cause for concern. But when it comes to reviewing human-written code for potential security flaws, it’s amazing.
Security vulnerabilities in code are almost never intended; they are often the result of a lack of experience combined with creative problem solving. Creative problem solving is good, but, obviously, security flaws are not.
How it works
In modern times, code is generally committed to a repository, a central depot where it is stored and eventually deployed. The most popular repository, by a long stretch, is called GitHub (if you want to sound smart the next time you meet a programmer, ask if they are using GitHub as their code repository).
Once code is committed to the repository, organizations should have one (or more) automated code review tools (Codacy, SonarQube, etc.) in place to check for code quality and potential security flaws. The automated tool (aka “the robot”) then provides feedback to the programmer and blocks the code from being deployed into the live environment, keeping everyone safe: the programmer, the company, and, most importantly, the application/website users.
In addition, robots enable real-time response to emerging threats. GitHub’s Dependabot scans for supply chain vulnerabilities (which have captured headlines in recent months) and automatically gives management visibility into code health as simple letter grades, so it is easy to survey where things stand.
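As an added illustration of the gate described above (not a configuration from the original post or from Metal Toad), here is a GitHub Actions workflow that runs GitHub’s CodeQL code scanning and a dependency review on every pull request against main. The workflow name, the branch name and the choice of javascript as the analysed language are assumptions for the example; the actions and inputs used (actions/checkout, github/codeql-action, actions/dependency-review-action and its fail-on-severity input) are real GitHub-provided actions.

```yaml
# .github/workflows/security-review.yml (assumed file name for this example)
name: security-review

# Run the "robot" whenever someone proposes a change to the main branch.
on:
  pull_request:
    branches: [main]

# Least privilege for the workflow token: read the code, write only scan results.
permissions:
  contents: read
  security-events: write

jobs:
  # Static analysis of the code itself for known bug and vulnerability patterns.
  codeql:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumed for the example; set to the project's language(s)
      - uses: github/codeql-action/analyze@v3

  # Supply chain check: fail the job if the PR adds a dependency with a
  # known vulnerability of "high" severity or worse.
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: high
```

On its own, a failing job only reports; the blocking behaviour comes from marking the codeql and dependency-review jobs as required status checks in the repository’s branch protection rules, so that a pull request cannot be merged (and therefore cannot be deployed from main) until the robot is satisfied. Automatic dependency update pull requests from Dependabot are enabled separately through a .github/dependabot.yml file, and each of those pull requests then passes through the same gate.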
In an ideal scenario (as we do at Metal Toad), all this automated code review should also be supplemented by actual human review. But, some teams may not have the available programmer, time, or budget to make this happen.
We should be wary of the increasing role that algorithms will have in our world. Machine algorithms will displace people and make some jobs obsolete. However, in the case of automated code audits, machines can do the work that humans may not have the time or interest to do themselves.